Click here to Skip to main content
15,850,103 members
Please Sign up or sign in to vote.
2.20/5 (3 votes)
See more:
Hi ,

I would like to know the Insert query in the VB.Net code behind will work in Production environment because which is working perfectly in other environments(DEV,QA) but not in production so I want to know is that because of any restriction that insert query in code behind is not working in production.

Code :-
VB
Dim _sqlDET As String = _
               "INSERT INTO dbo.tablename1 " & _
               "SELECT * FROM dbo.tablename2 " & _
               "WHERE ID=" & _ID & ""


Please help me to fix this ..
Posted
Updated 26-Jun-13 6:10am
v3
Comments
[no name] 26-Jun-13 11:07am    
Other than not using a proper parameterized query to guard against SQL injection attacks, you have not described anything that needs to be "fixed"....
prasy123 26-Jun-13 11:31am    
This is the query which I am using in code behind but I don't need any fix in this query .I want to know is there any restriction that will block this query to run in production environment.
[no name] 26-Jun-13 11:35am    
How exactly would you think the we would know that? If your company, IT department, DBAs have not imposed any restrictions, then there none.
prasy123 26-Jun-13 11:40am    
Ok.. Thanks for your replay and your time.
CHill60 26-Jun-13 11:09am    
You probably do not have the appropriate permissions on the database to update the production data.

You need to admit that issue described as: "(insert query) is working perfectly in other environments(DEV,QA) but not in production" is not informative at all.

There are several reasons of above behavior...

As ThePhantomUpvoter has mentioned, rather than using query in code behind, use stored procedures[^] to avoid sql injection[^].

More:
How To: Protect From SQL Injection in ASP.NET[^]
Stop SQL Injection Attacks Before They Stop You[^]
Dynamic SQL & SQL injection[^]
How to: Execute a Stored Procedure that Returns Rows[^]
Using Stored Procedures with a Command[^]
How to: Execute a Stored Procedure that Returns a Single Value[^]
How to: Create and Execute an SQL Statement that Returns No Value[^]

As Chill60 has mentioned, there could be an issue conflict with permissions (there are few levels), privileges, rules, etc.
Permissions (Database Engine)[^]
Permissions Hierarchy (Database Engine)[^]
Script to determine permissions in SQL Server 2005[^]
sql server difference between grant and with grant/[^]
beginner sql tutorial: sql grant, revoke, privileges and roles[^]
 
Share this answer
 
Comments
Sergey Alexandrovich Kryukov 16-Jul-14 19:51pm    
5ed.
—SA
Maciej Los 17-Jul-14 1:39am    
Thank you, Sergey ;)
I figured out the issue and fixed..

The issue was no.of fields in the production table is different from the no.of fields in the dev and QA tables. That's why the insert query in code behind worked fine DEV and QA but not in Production and now I removed the extra field from the production table then the insert query is working fine in production also.
 
Share this answer
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900